Merge pull request #11 from kubesphere/dev-ll
Add the "-a" parameter to show more information about the best practice
commit
b1dfc53df7
10
README.md
10
README.md
|
@ -96,9 +96,8 @@ kube-system Warning coredns Deployment 2020-11-27T1
|
|||
| :white_check_mark: | PodFileExists | Check for existing files|
|
||||
| :white_check_mark: | PodTooManyOpenFiles | The number of file /socket connections opened by the program exceeds the system set value|
|
||||
| :white_check_mark: | PodNoSpaceLeftOnDevice | Check for disk and inode usage|
|
||||
| | NodeTokenExpired | Token certificate expired|
|
||||
| | NodeApiServerExpired | kube-apiserver certificate expired|
|
||||
| | NodeKubeletExpired | Kubelet certificate expired|
|
||||
| | NodeTokenExpiredPeriod | Check Token expiration period is one month|
|
||||
| | NodeKubeletExpiredPeriod | Check Kubelet period is one month|
|
||||
| :white_check_mark: | PodSetCpuRequestsMissing | The CPU Resource Request value was not declared|
|
||||
| :white_check_mark: | PodSetHostIPCSet | Set the hostIP|
|
||||
| :white_check_mark: | PodSetHostNetworkSet | Set the hostNetwork|
|
||||
|
@ -135,8 +134,7 @@ checks:
|
|||
|
||||
customChecks:
|
||||
imageFromUnauthorizedRegistry:
|
||||
successMessage: Image from an authorized registriy.
|
||||
failureMessage: Image from an unauthorized registry.
|
||||
promptMessage: When the corresponding rule does not match. Show that image from an unauthorized registry.
|
||||
category: Images
|
||||
target: Container
|
||||
schema:
|
||||
|
@ -152,7 +150,7 @@ customChecks:
|
|||
- Save the above rule as a yaml, for example, `rule.yaml`.
|
||||
- Run kubeye with `rule.yaml`
|
||||
```shell
|
||||
root:# ke fault -f rule.yaml --kubeconfig ~/.kube/config
|
||||
root:# ke diags -f rule.yaml --kubeconfig ~/.kube/config
|
||||
NAMESPACE SEVERITY NAME KIND TIME MESSAGE
|
||||
default Warning nginx Deployment 2020-11-27T17:18:31+08:00 [imageFromUnauthorizedRegistry]
|
||||
kube-system Warning node-problem-detector DaemonSet 2020-11-27T17:18:31+08:00 [livenessProbeMissing runAsPrivileged]
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
#successMessage: CPU limits are set
|
||||
promptMessage: CPU limits should be set
|
||||
category: Resources
|
||||
target: Container
|
||||
|
|
|
@ -23,12 +23,13 @@ import (
|
|||
)
|
||||
|
||||
var config string
|
||||
var allInformation bool
|
||||
|
||||
var auditCmd = &cobra.Command{
|
||||
Use: "diags",
|
||||
Short: "diagnostic information from the cluster",
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
err := validator.Cluster(config, cmd.Context())
|
||||
err := validator.Cluster(config, cmd.Context(), allInformation)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
|
@ -39,4 +40,5 @@ func init() {
|
|||
rootCmd.AddCommand(auditCmd)
|
||||
pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
|
||||
auditCmd.Flags().StringVarP(&config, "filename", "f", "", "Customize best practice configuration")
|
||||
auditCmd.Flags().BoolVarP(&allInformation, "all", "a", false, "Show more specific information")
|
||||
}
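Review bot: The help text for the new flag, `"Show more specific information"`, does not tell a user what `-a` adds to the report. Going by the validator change in this commit, it appears to fill the MESSAGE column with the message text of each check result rather than the short check names, so a description such as `"Show the full message of each check result instead of only the check names"` would be clearer. `allInformation` is a package-level variable next to `config` and deserves a one-line comment, for example `// allInformation is set by -a/--all and passed to validator.Cluster.` The body of `init` starts outside the hunk.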
|
||||
|
|
|
@ -34,6 +34,3 @@ func Execute() {
|
|||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
func init() {
|
||||
rootCmd.PersistentFlags().BoolVar(&Verbose, "debug", true, "Print detailed information")
|
||||
}
|
||||
|
|
|
@ -28,7 +28,7 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
func Cluster(configuration string, ctx context.Context) error {
|
||||
func Cluster(configuration string, ctx context.Context, allInformation bool) error {
|
||||
k, err := kube.CreateResourceProvider(ctx)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "Failed to get cluster information")
|
||||
|
@ -117,13 +117,32 @@ func Cluster(configuration string, ctx context.Context) error {
|
|||
if len(goodPractice) != 0 {
|
||||
fmt.Fprintln(w, "\nNAMESPACE\tSEVERITY\tNAME\tKIND\tTIME\tMESSAGE")
|
||||
for _, goodpractice := range goodPractice {
|
||||
var message []string
|
||||
if allInformation {
|
||||
for _, tmpMessage := range goodpractice.ContainerResults[0].Results {
|
||||
message = append(message, tmpMessage.Message, "")
|
||||
}
|
||||
if len(goodpractice.Results) != 0 {
|
||||
for _, tmpResult := range goodpractice.Results {
|
||||
if tmpResult.Success == false {
|
||||
message = append(message, tmpResult.Message, "")
|
||||
}
|
||||
}
|
||||
message = message[:len(message)-1]
|
||||
} else {
|
||||
message = message[:len(message)-1]
|
||||
}
|
||||
|
||||
} else {
|
||||
message = goodpractice.Message
|
||||
}
|
||||
s := fmt.Sprintf("%s\t%s\t%s\t%s\t%s\t%-8v",
|
||||
goodpractice.Namespace,
|
||||
goodpractice.Severity,
|
||||
goodpractice.Name,
|
||||
goodpractice.Kind,
|
||||
goodpractice.CreatedTime,
|
||||
goodpractice.Message,
|
||||
message,
|
||||
)
|
||||
fmt.Fprintln(w, s)
|
||||
continue
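Review bot: In the `allInformation` branch, `goodpractice.ContainerResults[0]` is indexed without a length check, and `message = message[:len(message)-1]` runs even when nothing was appended. Whether those cases can occur is not visible in the hunk, but a result with no container entries, or one where neither loop appends anything, would panic and abort the audit report before the remaining rows are printed. Both arms of `if len(goodpractice.Results) != 0` end in the same trim, so the `else` can go, and `tmpResult.Success == false` reads better as `!tmpResult.Success`. Container-level messages are appended regardless of `Success` while the resource-level ones are filtered, which is worth confirming as intended. The enclosing `for` loop and `Cluster` itself continue outside the hunk.

```go
if allInformation {
	// Guard the index: an entry without container results must not panic.
	if len(goodpractice.ContainerResults) > 0 {
		for _, tmpMessage := range goodpractice.ContainerResults[0].Results {
			message = append(message, tmpMessage.Message, "")
		}
	}
	for _, tmpResult := range goodpractice.Results {
		if !tmpResult.Success {
			message = append(message, tmpResult.Message, "")
		}
	}
	// Drop the trailing separator only when something was appended.
	if len(message) > 0 {
		message = message[:len(message)-1]
	}
} else {
	message = goodpractice.Message
}
// … unchanged: fmt.Sprintf row formatting and fmt.Fprintln(w, s) …
```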
|
||||
|
|